net/http: permit requests with invalid Host headers - go - Fork of Go programming language with my patches.

diff options

author	Damien Neil <dneil@google.com>	2023-07-19 10:30:46 -0700
committer	Damien Neil <dneil@google.com>	2023-08-07 22:48:40 +0000
commit	b9153f6ef338baee5fe02a867c8fbc83a8b29dd1 (patch)
tree	39b03359675da7b0cb56baa333b136871709d2e3 /src/database
parent	26e0660811d477dcb30f1abcf71ed9db7a9c4472 (diff)
download	go-b9153f6ef338baee5fe02a867c8fbc83a8b29dd1.tar.xz

net/http: permit requests with invalid Host headers

Historically, the Transport has silently truncated invalid Host headers at the first '/' or ' ' character. CL 506996 changed this behavior to reject invalid Host headers entirely. Unfortunately, Docker appears to rely on the previous behavior. When sending a HTTP/1 request with an invalid Host, send an empty Host header. This is safer than truncation: If you care about the Host, then you should get the one you set; if you don't care, then an empty Host should be fine. Continue to fully validate Host headers sent to a proxy, since proxies generally can't productively forward requests without a Host. For #60374 Fixes #61431 Change-Id: If170c7dd860aa20eb58fe32990fc93af832742b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/511155 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Damien Neil <dneil@google.com>

Diffstat (limited to 'src/database')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: